From Joomla! Documentation

This document has now been replaced by the website at [http://vel.joomla.org/ from 1st May] 2013

+

−

Please refer to there for the latest updates

+

+

{{notice|This document has now been replaced by the website at [http://vel.joomla.org/] vel.joomla.org from 1st May 2013

+

Please refer to there for the latest updates}}

<!-- ***all wiki editors*** - do NOT touch without notice -->

<!-- ***all wiki editors*** - do NOT touch without notice -->

Line 9:

Line 11:

== Check and Report. ==

== Check and Report. ==

'''Please check with the extension publisher in case of any questions over the security of their product.'''

'''Please check with the extension publisher in case of any questions over the security of their product.'''

−

Report Vulnerable extensions in the [[jforum:432|security forum]] clearly marked with the first word in the title being ''Vulnerable'' where the security moderators or JSST team will respond.

+

{{notice|small=yes|image=Stop hand nuvola.svg

+

|header=Procedure change|All reports are now to be made via vel.joomla.org.}}

+

Report Vulnerable extensions in the [[http://vel.joomla.org|vel.joomla.org]] clearly marked with the first word in the title being ''Vulnerable'' where the security moderators or JSST team will respond.

This list is change protected,''' for additions or updates email''' ''vel @ joomla.org''

This list is change protected,''' for additions or updates email''' ''vel @ joomla.org''

*If you are seeing this page on any site other than [http://docs.joomla.org/Vulnerable_Extensions_List the Offical Joomla Documentation] you may be seeing an out of date version or experiencing [http://en.wikipedia.org/wiki/Plagiarism plagiary] and the links may not work properly

*If you are seeing this page on any site other than [http://docs.joomla.org/Vulnerable_Extensions_List the Offical Joomla Documentation] you may be seeing an out of date version or experiencing [http://en.wikipedia.org/wiki/Plagiarism plagiary] and the links may not work properly

Revision as of 17:46, 1 May 2013

This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.

General Information

This document has now been replaced by the website at [1] vel.joomla.org from 1st May 2013 Please refer to there for the latest updates

Check and Report.

Please check with the extension publisher in case of any questions over the security of their product.

General Information

All reports are now to be made via vel.joomla.org.

Report Vulnerable extensions in the [[2]] clearly marked with the first word in the title being Vulnerable where the security moderators or JSST team will respond. This list is change protected, for additions or updates emailvel @ joomla.org

How to use this list

Items will be removed after a suitable period and not on resolution.

All known vulnerable extensions are the listed in the first column "Extension". Any in a red box are where we have not been given a fix. Any in a turquoise box contain a link to the notice about an update with link. Any that are in an uncolored box are a "Contact the Developer About This Extension". Alert Advisory details are in the center column. If the "Extension Update Link & Date Column has Not Known then it is where no update is known.

This list is compiled from found information and may not be an up to date accurate listWe do NOT promise to test or validate these reports. We do NOT guarantee the quality or effectiveness of any updates reported to us or listed here. To sign up for the feed please follow this link

We do not list BETA products, or extensions for J1.0.x

Developers - How to get yourself removed from the VEL

Resolved items will be removed after a suitable period and not on resolution

Please solve the issues and:

If JED listed

To have your extension republished, please follow these steps:

1- Solve the issues.

2- Attach the new zip file at your actual JED listing.

3- Change the extension version at JED listing.

4- Make sure to include a notice in the JED description to the fact that the new release is a "Security Release" and those who use the extension should upgrade immediately.

5- Email the VEL team with a notice of resolution, the latest version number and a link to the security release statement on your website

6- Create a JED listing owner ticket to the JED with a notice and ask that your listing be republished. Include the full details of your new version number and security notice page

VEL email can be found above and the JED support link is in your notice of "unpublication" and here

If not JED listed.

Inform us by email with a notice of resolution, the latest version number and a link to the security release statement on your website.

Joomla Discussions Component

HD Video Share (contushdvideoshare)

Simple File Upload 1.3

January 2011 - Jan 2012 Reported Vulnerable Extensions

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond or via email to the VEL team. For a guide to the codes